Videos

  • Add Videos
  • View All

Latest Activity

Profile Icon
Greg Vallenari is now a member of splunkninja Sunday
Welcome Them!
Profile Icon
Mike Hartford commented on Michael Wilde's video
Got it thanks
Thumbnail

Splunk Ninja - Basic Training: Splunk & LDAP Authentication

Feb 8
Profile Icon
Michael Wilde commented on Michael Wilde's video
Sure...  When you do group mapping, map them to groups that don't have the domain admins in them.  I have a separate OU=Groups that has "Splunk Users, Splunk Admins, Splunk Power Users" as group names, and specific users…
Thumbnail

Splunk Ninja - Basic Training: Splunk & LDAP Authentication

Feb 8
Profile Icon
Mike Hartford commented on Michael Wilde's video
I want to give LDAP access to my splunk servcie but I don't want the LDAP users to have admin capabilitys in Splunk.  Can I keep the domain admins out of Splunk if I have LDAP authentication???
Thumbnail

Splunk Ninja - Basic Training: Splunk & LDAP Authentication

Feb 7
Profile Icon
Mike Hartford left a comment for Jonathan Hawes
Helow Jonathan,   Glad to have another Splunker.  I've been useing Splunk for 2 years and am hooked.  I leared how to spell splunk and | transaction too.  you'll learn that one soon.   Go over to Splunk…
Feb 7
Profile Icon
Mike Hartford commented on Mike Hartford's blog post 'tees for the holy day'
  Holy Batskins Ninja, zzzzzwap zgruppp kapow a hidden stash, how great is that!!!!   The team that found them must have special bat senses and highly tooned Splunking skills   I like to wear Extra Lovable…
Feb 7
Profile Icon
Learning, learning, learning . . . Our Splunk "expert" is gone, and the non-programmer gets to learn the task! How do you spell SPLUNK?
Status posted by Jonathan Hawes Feb 7
0 Comments
Profile Icon
Jonathan Hawes is now a member of splunkninja Feb 7
Welcome Them!
harish
harish
  • New York, NY
  • United States
Share on Facebook Share on Facebook Share Twitter

harish's Discussions

Splunk equivalent of the *nix 'cut -d' ' -f1-5
3 Replies

Hello,I just started playing with splunk. I looked thru the docs and unable to find any commands that allow me to do the *nix equivalent of 'cut -d' ' -f1,5'Any comments appreciatedThanksHarishContinue

Started this discussion. Last reply by Michael Wilde Nov 13, 2009.

 

harish's Page

Gifts Received

Gift

harish has not received any gifts yet

Give harish a Gift

Latest Activity

Profile Icon
Michael Wilde replied to harish's discussion 'Splunk equivalent of the *nix 'cut -d' ' -f1-5'
You may want to give the "Extract Fields" option on the event menu (right next to each event's timestamp. It will build a regex for you and persist it--so its always extracted... However, if you're event structure is basically…
Nov 13, 2009
Profile Icon
harish replied to harish's discussion 'Splunk equivalent of the *nix 'cut -d' ' -f1-5'
Micheal I search for "SiteWs" and get the below event "Timestamp: 11/12/2009 2:09:41 PM Title: (SiteWS) Message: [@SiteIdService getWebServiceResult()] [SessionID: 5wrjjxk0osv33k] [TheNewCustomer:…
Nov 13, 2009
Profile Icon
Michael Wilde replied to harish's discussion 'Splunk equivalent of the *nix 'cut -d' ' -f1-5'
Harish.. Are you attempting to do field extraction---a well written regex should be able to reproduce what you want... Got a sample? Post it and we'll see if we can figure it out.
Nov 13, 2009
Profile Icon

Splunk equivalent of the *nix 'cut -d' ' -f1-5

Hello,I just started playing with splunk. I looked thru the docs and unable to find any commands that allow me to do the *nix equivalent of 'cut -d' ' -f1,5'Any comments appreciatedThanksHarishSee More
Discussion posted by harish Nov 12, 2009
3 Comments
Profile Icon
harish is now a member of splunkninja Nov 12, 2009
Welcome Them!

Profile Information

Are you an existing splunk user?
Free
What do you do for your day job?
Lost

Comment Wall

  • No comments yet!

You need to be a member of splunkninja to add comments!

Join splunkninja

 
 
 

© 2012   Created by Michael Wilde.

Badges  |  Report an Issue  |  Terms of Service